PT-2013-1083 · Hewlett Packard · Hplip

Published: 2013-03-06 · Updated: 2024-06-15 · CVE-2013-6427

CVSS v2.0: 6.9 (Medium)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: HPLIP versions 3.x through 3.13.11

Description: The issue concerns multiple vulnerabilities in the HPLIP package of the Debian GNU/Linux operating system, which can be exploited by a local attacker to compromise the confidentiality, integrity, and availability of protected information. Specifically, the upgrade.py script in the hp-upgrade service launches a program from an http URL, allowing man-in-the-middle attackers to execute arbitrary code by gaining control over the client-server data stream.

Recommendations: For HPLIP versions 3.x through 3.13.11, consider disabling the upgrade.py script in the hp-upgrade service until a patch is available to prevent man-in-the-middle attacks. Restrict access to the hp-upgrade service to minimize the risk of exploitation. Avoid using the http protocol for launching programs from URLs in the affected service until the issue is resolved.

Weakness Enumeration

Link Following
Code Injection

Related Identifiers

ALT-PU-2014-1475
BDU:2015-02622
CVE-2013-6427
DSA-2829-1
MGASA-2014-0033
OPENSUSE-SU-2024:10083-1

Affected Products

Alt Linux
Debian
Hplip